chldapserver
Use the chldapserver command to modify a Lightweight Directory Access Protocol (LDAP) server.
Syntax
>>- chldapserver -- --+---------------------+-------------------> '- -ip -- ip_address -' >--+------------------------+--+-----------------+--------------> '- -name -- server_name -' '- -port -- port -' >--+-------------------------+--+----------------------+--------> +- -sslcert -- file_name -+ +- -basedn -- base_dn -+ '- -nosslcert ------------' '- -nobasedn ----------' >--+-------------------------+--+- ldap_server_id ---+-- ------>< '- -preferred --+- yes -+-' '- ldap_server_name -' '- no -'
Parameters
- -ip ip_address
- (Optional) Specifies the server IP address (Internet Protocol Version 4 or 6).
- -name server_name
- (Optional) Specifies the LDAP server name.
- -port port
- (Optional) Specifies the LDAP server port.
- -sslcert file_name | -nosslcert
- (Optional) Set (-sslcert) or clear (-nosslcert) the secure socket layer (SSL) certificate.
- -basedn base_dn | -nobasedn
- (Optional) Use the base distinguished name (DN) for search (-nobasedn indicates to use the default DN).
- -preferred yes | no
- (Optional) Specifies whether the server is preferred over other configured LDAP servers (or not preferred).
- ldap_server_id | ldap_server_name
- (Required) Specifies the LDAP server ID or name.
Description
If -sslcert is specified, the server certificate is verified while authenticating. The SSL certificate must exist on the current node. If -nosslcert is specified, any certificate file is deleted and the server certificate is not checked.
The -basedn parameter indicates the distinguished name (DN) to use as a base from which to search for users in the LDAP directory. If Transport Layer Security (TLS) is enabled and -sslcert is specified, the server certificate is verified during authentication. The secure socket layer (SSL) certificate must exist on the node being used. Otherwise, a server certificate is not checked.
The clustered system (system) must be configured with an appropriate version IP address when -ip is specified. The IP address specified with the -ip parameter must be of a version supported by the system. The certificate file must be in valid PEM format and have a maximum length of 12 kilobytes.
Distinguished names must be a sequence of attribute=value pairs separated by a comma (,), semi-colon(;), or plus sign (+) escaping special characters with \ where appropriate, and specified UTF-8 characters using their byte encoding. For example, , for commas or \C4\87 for the UTF-8 character c acute.
This command runs whether or not LDAP authentication is enabled.
An invocation example with basic server details
chldapserver -ip 192.135.60.3 -port 400 ldapserver0
The resulting output:
No feedback
An invocation example specifying an SSL certificate
chldapserver -sslcert /tmp/activedirectorycert.pem 0
The resulting output:
No feedback
An invocation example to remove an SSL certificate
chldapserver -nosslcert 0
The resulting output:
No feedback